CVE-2014-9044Sensitive Information Exposure in Server

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 51.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Owncloud Server
Timeline
PublishedFeb 4
Latest updateMay 17

Description

Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDowncloud/owncloud_server7.0.0, 7.0.1, 7.0.2+2

🔴Vulnerability Details

2
GHSA
GHSA-vfr6-xwr2-qjgf: Asset Pipeline in ownCloud 72022-05-17
CVEList
CVE-2014-9044: Asset Pipeline in ownCloud 72015-02-04
CVE-2014-9044 — Sensitive Information Exposure | cvebase